DNS records visible only for LAN computers
kcd at chrysler.com
Wed Nov 18 16:12:16 UTC 2009
Peter Macko wrote:
> I have a domain example.com that is hosted on DNS under control of my
> internet provider.
> Web server www.example.com is hosted by another company.
> I have setup a local DNS for computers on my LAN. I have a LDAP server
> on LAN.
> I want to make LDAP visible only for computers on LAN without altering
> DNS (of the internet provider).
> The name of LDAP server should be ldap.example.com. Is it possible to
> do it?
> I can think of two solutions:
> 1) I could create master zone for example.com on DNS (on LAN). This
> way I have to create A record for www.example.com,
> but if internet provider changed ip address of the web-server,
> computers on lan would not reach
> www.example.com and I would have to update A record on local DNS.
> 2) Another solution is to create zonefile for subdomain
> local.example.com on LAN DNS, so ldap.local.example.com.
> But this is not exactly what I want.
3) Create a zone called "ldap.example.com". Put the A record for your
LDAP server at the apex of the zone.
Obviously, this isn't really scalable -- you don't want to have to
create zones and zone definitions for every resource on your LAN, but
this is the price you pay for being so disjointed from your
webservice/external-DNS provider that they don't even bother telling you
when they change the IPs of your main website. If you want scalability,
you should take control of example.com yourself and then implement
something like "view"s to control how it is presented to internal versus
More information about the bind-users